I work at one of the county government departments. I was accused of wrong conduct at the workplace, which is obviously made up for retaliation by my branch manager and a district manager, because the same thing happened at other branches by these same two managers.

Those accusations were completely baseless. A memo came back as "No disciplinary action will be taken."

They searched my office computer and printed out some of my emails (work related). I was so shocked when they showed me the print out of my office emails.

Are they allowed to break into an employee's office emails under the name of investigatory meeting? The employer is the government office.

The title of this question should be changed to "IT department accessing an office computer", although that would probably get less views.
– Nuclear WangFeb 4 at 14:30

4

Care to explain why you believe this is inappropriate in the first place? Cause if you think what you do at work is private and no one else in entitled to know... I've got news for you :/. News you may not like
– PatriceFeb 4 at 18:07

12

They almost certainly just pulled the emails from the central server, do you have any evidence they actually accessed your machine?
– KevinFeb 4 at 18:21

If you work for the county government, then it is my opinion that I should be able to obtain your work emails via FOIA request. The county probably thinks otherwise, but do not expect much sympathy from me with respect to the privacy of your emails.
– emoryFeb 5 at 1:20

8 Answers
8

No, they didn't. They searched the government's computer which you are allowed to use in course of your employment.

printed out some of my emails

No, they didn't. They printed out some of the government's emails which you wrote in the course of your employment.

Are they allowed to break into employe[e]'s office emails

You need to stop thinking of this as "breaking in". Stuff you do during your employment belongs to your employer. Assuming a competent IT department, they could just have pulled the e-mails off the server anyway.

I'm not saying that any of what happened is right, but this isn't even a vaguely sensible approach to fight it because it's based on a horribly false premise.

Note that this is very jurisdiction specific. The OP was asking about California, where your analysis is spot on. In the UK, viewing work emails without the author's permission needs to be done with care; in Germany it is a law suit waiting to happen.
– Martin BonnerFeb 6 at 7:43

"So yes, what they did was 100% legal." Out of curiosity: are you a lawyer or something similar?
– TrilarionFeb 4 at 15:41

8

@Trilarion I was once a digital forensic consultant. In other words, the kind of person that would perform investigations exactly like this one. We were required to know the ins and outs of the legalities behind our investigations before so much as sending off a Statement of Works
– 520Feb 4 at 16:12

2

Only 100% legal if the company allowed these two managers to search the computer. And HR might get a heart attack if they here if this happening, because letting anyone but qualified IT personnel searching a computer is likely absolutely against company policy.
– gnasher729Feb 5 at 8:07

1

@gnasher729 It is not clear if the managers themselves did the investigation or got an investigator to do it for them. Either way, the most it would affect is that the outcome of a tribunal isn't a slam-dunk case in favour of the employer if OP had disciplinary action taken, as it is unlikely a manager would know how to prove evidence wasn't simply planted. We also don't know how much authorisation the manager did or did not have; If allegations have been made it is 100% possible they were able to get authorisation for the investigation if they did not have blanket authorisation already.
– 520Feb 5 at 12:19

3

@gnasher729 It would only not be legal if they weren't authorized by the company to do it. There is no legal requirement to be trained in computer forensics to access employee computer systems or e-mails. The "we were required" part of 520's comment was presumably referring to be required by company policy, not required by law. IT staff routinely need to access various things on employee computers in the normal course of doing their job, even aside from investigations. The computer forensics training is more so that evidence gained can be legally admissible in court if required.
– reirabFeb 5 at 17:01

This is also touching issues about professionalism and loyalty. You should avoid using equipment belonging to your employer for your private gain without asking first. For example, no private communication using your work e-mail. And all communication you do in your role as an employee should be loyal to your employer.

In theory, if you are both loyal and only use the computer and accounts for your work, then you have nothing to fear from bring monitored. I know this is a stretch of the truth, we all have things to hide and unfortunately not all employers are using facts gained from monitoring in a fair or reasonable way. But this is the reasoning any employer in existence will use, and you will have a very hard time trying to defend yourself from this "privacy intrusion". Just assume that you are monitored at work.

> You should avoid using equipment belonging to your employer for your private gain without asking first. Government agencies, especially the federal government, have SERIOUS rules about this. Same goes for even the slightest political activities. It doesn't matter than the value of your two megabytes of data sent is practically zero, it is still considered misuse of government property.
– aidanh010Feb 4 at 4:28

"Generally, it is permissible for you as an employer to monitor..." - in some cases strict regulations mean it is essentially required that they do so, not simply permissible to do so if they desire. Never do anything on a work device that you wouldn't want the company, and any regulatory bodies that they are covered by, to have full knowledge of.
– David SpillettFeb 4 at 11:09

2

"if you are [...] loyal [...], then you have nothing to fear from being monitored" -- You do not happen to work for the Chinese government, do you?
– Hagen von EitzenFeb 4 at 18:41

"In theory, if you are both loyal and only use the computer and accounts for your work, then you have nothing to fear from bring monitored." This is clearly false (e.g. if you complain about an IT staff member to their manager in an email that they read), and harms the answer. I suggest you delete it.
– OddthinkingFeb 5 at 12:50

More than permitted, it is essential that other authorised people in the company can get to your emails.

At my previous company, our technical director left to work elsewhere. No big deal, it happens. But a few weeks after he left, we discovered that he'd arranged payment for server space on his company credit card and not logged details with accounts. When he left, the company cancelled that card, and of course server space renewals failed.

So our IT guys requested access to his emails and had to trawl through to find those details. This reinforces that emails on company business must be accessible by the company.

Separately later, I needed some other information from his emails. Management insisted I only got to see a subset of his emails, not because of his confidentiality, but because he signed off on people's pay and other people's confidentiality was the issue there.

With the use of shared mailboxes many company doesn't need to access private mail. Just add a cc, answer to every mail using the correct shared box. Getting access to "personal" to a named mail box is done with care. PC shutdown/Log out after every question. We are working on a copy on the mail archieve. No one see the screen. Employe has a printer if it want to show proof, but is not required to. And 2 worker representent in the room to be sure everything is ok.
– user95634Feb 6 at 7:42

As others have stated, the company / government owns the computer, not you. And, as such, they also have IT policies (often written in employee guidelines, or even as a big fat warning message when logging in) that all activity is monitored / logged and can be dug through if and when they please.

There is a sort of unwritten "acceptance" at most jobs that employees will use their computers for outside activities. EG: an employee paying some bills on the computer during their lunch break, or surfing the web for something for their kid or what-not. As folks go up the executive / management ladder, they're often stuck in their offices 12 hr days, and it's just a given they're going to use their work computer for personal activities.

In a perfect world, people would keep their personal activities only on a device they themselves own. But, it's not a perfect world.

In good IT settings I've been in, the IT folks (all IT / IS folks, really) act as guardians of secrets. The IT folks are monitoring everything that goes on on every computer in the company / workplace / college campus (for college computer labs) / etc .. but unless they have REASON to look into something, they just ignore and overlook any extracurricular activities. (EG: at my last job, I would IM with my gf all the time. The IM's would get a bit saucy, but nobody was dragging me off to HR dept to talk to me about them. I was a good employee that did my work. Could they have? Sure. But, at most companies it's a "we don't care unless we're asked to look into something". Managers were surfing the web in their offices. They were checking their bank accounts. None of that information was used against them, because our IS / IT dept had a policy of protecting it's employees and their personal information. And, an employees activity on a bank site has nothing to do with the company.. unless, say, the employee is embezzeling money from the company into their personal bank account.)

The only times I've seen IT investigating things is when some law was broken or a complain was filed. EG: someone's been embezzeling money.. obviously the IT dept is going to dig through that person's emails and computer with a fine-toothed comb to investigate. Or, an employee complains about someone watching porn on their computer (you'd be surprised how many execs sitting in their offices think they're completely isolated and private, but someone walking by sees something saucy going on on their computer.. and a complaint is filed with HR. Then the IT dept has to go to work and look at logs.. and eventually have a talk with the exec to tell them to stop visiting whatever site they're visiting.)

So, this makes me think they had reason to look into what you were doing. Maybe those two people are jerks and go out of their way to find things on their employees in order to hold them hostage or throw them under the bus. If that's the case, I'd find a new place to go work. (Hard enough just to do a job, worse still when you have a boss actively trying to work against you or get dirt on you to hold you hostage over something.)

There are petty managers that think "managing" is about digging up dirt on employees in order to get them under their thumb and abuse them. Had a gf that got her desk rifled through, and sat down and talked to over her "satanic music" found in her desk. The company has the right to dig through a person's desk (the desk is company property), but the "satanic music" was just a heavy metal cd she had in her desk. She turned the tables on them and asked if they were saying that they were discriminating against her on religious grounds (ie: manager thought he "had her" by trying to shame her for listing to "devil music", when really from an HR perspective that means he was discriminating against her via religion.) Petty work environments like that are to be avoided if at all possible.

In the case of government work (or any other kind of sensitive job), the computer should be handled with kid gloves. You just have to work at a place to feel the environment out to see if they have a lax monitoring policy or a strict one. If it's super-strict, they will often have notices when you log in reminding you that everything you do is being monitored.

But, bottomline is.. just becasue they don't say you're being monitored doesn't mean they're not monitoring you. And, it's their property. Think of it like being in school again. The teachers can go around checking your locker, becasue it's school property. You don't own the locker.

If you have something serious to discuss with someone, and you're worried about it biting you in the rear, it's best to have a face-to-face conversation, that way an email or phone call can't come back to haunt you. Once you fire off an email, it's basically stored on a server and can get dug up to get used against you when and if the company / job deems it necessary.. even if it seems to be based on petty office politics.

This is the most sensible and nuanced answer. Typically folks just say that everything that happens on employers' equipment or network is "theirs" and categorically dismiss any notions about discretion and tolerance for personal use (eg accessing gmail or personal accounts in the course of the workday).
– teego1967Feb 5 at 9:42

Emails are typically sent through a minimum of two servers. The sender sends the email to a sending server, which sends the email to the receiver's server, which delivers the mail to an email client the recipient is logged in as; they can even access the email from multiple computers as long as they're on the appropriate network and/or have the appropriate login credentials.

The important distinction here is that your work computer is only a client. All those emails are stored at the server. In many cases, servers also store emails until they are deleted, and even then, those emails are typically logged in a server log somewhere for later retrieval for situations just like this.

Nobody needed to "break in" to the computer you use. All that data is stored at the server. Further, in most jurisdictions, they are not your emails, but rather are emails that belong to the service provider (in this case, the government). Any email you send through a server can be read anyone with permission to do so.

Finally, as a point of distinction, unless you're using your own personal laptop, IT can certainly come in, log in as a network administrator, and peruse all of your files. They don't need to "break in" in the sense that you think they did, nor do they even have to physically log in to this computer; they can request all the files they want over the network.

So, in conclusion: don't send emails through your company email unless they are work related, and assume that any email you send or receive can be read by anyone in the IT department, at minimum, and law enforcement/courts/etc if required during the course of an investigation.

Are they allowed to break into an employee's office emails under the name of investigatory meeting? The employer is the government office.

Are you sure they broke into YOUR workstation with a username/password and looked at your email? And not that they looked on the mail server and looked at your mailbox? My guess is the later case here.

As far as if it is legal the answer is yes. Typically on government workstations you consent by logging in to a search except for certain protected stuff like legal and medical, if I remember right.

Quite a lot of people pointed out that an employee usually doesn't own the computer he or she works on, unless the office has a bring-your-own-device policy.

But both a company and a government agency (the OP didn't specify while agency she works for) should have some sort of data security and privacy policy. This policy will spell out who can search office computers and what steps must be taken before. it might require the presence by someone from HR or legal, or several people being present, and the direct manager of an employee might not be on that list.

(Where I work, the admins are able but not allowed to look at my files, unless there is a security incident like malware spreading in the intranet. And management is allowed to look at files under some circumstances, but not able to do so without the admins.)